VYPR
High severity7.5NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026

CVE-2016-10539

CVE-2016-10539

Description

negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
negotiatornpm
< 0.6.10.6.1

Affected products

2
  • ghsa-coords
    Range: < 0.6.1
  • HackerOne/negotiator node modulev5
    Range: <= 0.6.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.